Re: Fwd: uninitialized buffer in midnight commander

From: Pavel Roskin <proski gnu org>
To: Thomas Jarosch <thomas jarosch intra2net com>
Cc: mc-devel gnome org
Subject: Re: Fwd: uninitialized buffer in midnight commander
Date: Wed, 24 Sep 2003 04:04:41 -0400 (EDT)

On Tue, 23 Sep 2003, Thomas Jarosch wrote:

> Hello!
>
> I've seen this posting on bugtraq, but it looks like Ilya Teterin didn't
> care to contact the authors of mc. Forgive me if I'm wrong :-)

Thank you for your report.  I confirm that the bug is still present in the
CVS version.  Indeed, vfs_s_resolve_symlink() uses buffer of fixed size
but never checks if its size is sufficient.

There are still places in the VFS code that were written without any
thought of security.

-- 
Regards,
Pavel Roskin

References:
- Fwd: uninitialized buffer in midnight commander
  - From: Thomas Jarosch

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]